Fraudsters are using fake social media websites to gain access to companies
By stealing login credentials for social media websites, attackers can gain access to employees' work accounts.
The weakest link in any system is always the people working in it. 9 out of 10 successful attacks succeed thanks to phishing.
Fraudsters create fake websites impersonating Facebook, Instagram, Twitter and LinkedIn, and then send urgent messages/e-mails indicating that action is needed, otherwise the account may be suspended or deleted. The message always contains a link to change the password. To do that, you need to enter your current e-mail/username and password.
Attackers hope that by intercepting one password they can get into other accounts. And it’s a valid point: many people use the same passwords (or passwords with only small changes) on multiple websites. Many employees also have trouble recognizing phishing because companies don’t invest enough in cybersecurity training.
- no website will ever send a message with a link to log in – always log in and change passwords by typing the address yourself,
- use password managers (KeePass, LastPass) to generate strong passwords and store them securely.